Effective Date: April 20, 2022
referred to as "Privy") to respect and protect any User's personal data or information through
the https://privy.id site, its derivative sites, as well as the Privy Application (hereinafter referred
including but not limited to PrivySign and PrivyPass (hereinafter referred to as the “Privy
collects, uses, shares, processes, and secures User’s personal data for Privy Services. By using the
Privy Services, Users understand that Privy will collect and use User information as described in
definition used in this Policy refer to the definition explained in the PrivySign Service Terms of
1. INFORMATION COLLECTED BY PRIVY
Privy may collect Personal Data of Privy Users, which are as follows:
Data that Privy request from Users
When the User creates a Privy Account, the User is required to provide Basic Data,
including but not limited to Personal Data information consisting of full name,
date of birth, User Identity Card (KTP), or other identity cards (including the
information contained therein), cell phone numbers, e-mail addresses, and
biometric data. To create a Privy Account and use Privy Services, User are required
to provide Privy with some information and Personal Data in a true, clear,
accurate, and complete manner to Privy. If the User does not provide the Personal
Data required at this point or provides statements and guarantees, information,
or Personal Data that is untrue, unclear, inaccurate, or incomplete, then Privy has
the right to refuse the application for creating a Privy Account for that User and
suspend or terminate in part or in full of the Privy Services provided to Users.
Data that Privy collects automatically
When User uses Privy Services, Privy will automatically collect Personal Data such
as IP Addresses, login information, geolocation, client browser & version,
timestamp of activities, operating system, and User transaction data related to
the use of Privy Services.
When the User uses Privy Services, including Privy Services through Third Parties,
Users may provide other Personal Data (other than those referred to in points a
and b above) to Privy from time to time.
Data that Privy collects from Third Parties
User can create a Privy Account through a Third Party to access or use the services
provided by that Third Party. The third-party that provides the Privy Account
creation service is the registration authority. The registration authority will then
forward the Personal Data information that the User provided at the time of
registration to Privy to create a User's Privy Account.
quality of the Privy service, to recognize and remember certain information on the
User's browser including session management, service personalization, and user
activity recording. The User can choose to disable cookies in the User's browser,
but if the user disables cookies, certain functions of the Site's services will be
2. USE OF PERSONAL DATA
The Personal Data that the User provides will be used to provide product services from Privy,
- Issue PrivyID, create a Privy Account, and issue, manage and revoke Electronic Certificates
issued by Privy.
- Collect, record, and analyze data related to the activity of using the Privy Services.
- Provide information related to the use of the User's Privy Account, such as information
on the use of services and information in the form of promotions.
- Repair and improve products and services to Privy Users.
3. PERSONAL DATA SHARED
Privy will openly disclose User’s Personal Data information, including but not limited to
Personal Data, which is contained in the Privy Account and/or contained in the Electronic
Certificate issued by Privy as necessary in order to fulfill the Privy Service used by the User.
Privy does not sell and/or share a User's Personal Data with other parties without the User's
consent. Privy guarantees that only User, Third Parties, and/or other parties with which the
User consents, can access and/or view the uploaded Electronic Documents or Personal Data
contained in the User's Privy Account.
In the event that the User gives consent to the Third Party to use the Privy Account to access
or use the services provided by the Third Party, the use of the User's Personal Data by the
In addition to the above provisions, Privy may disclose User Personal Data to:
- Other Users, as parties who are in direct contact with Users in connection with User use
of the Privy Services;
- Individuals, organizations, entities, or government authorities where Privy has an
obligation to comply with law and regulation, in the context of law enforcement processes
or taking preventive actions in connection with illegal activities, suspected criminal acts,
violations of law, or law and regulation;
- Agents, contractors, or Third Parties who provide services to Privy so that Privy can
provide services to its Users in connection with the use of such User's Personal Data. Such
agents, contractors, or Third Parties provide services to Privy in the form of verification,
authentication, analysis, promotion, fraud detection, payment, or other customer
support services. Privy ensures that such agents, contractors, or Third Parties will only use
User’s Personal Data as necessary to support Privy Services; and
- Organizations or Legal Entities with which the User is associated and registered with him
through the Privy Service.
4. SECURITY OF USER PERSONAL DATA
Privy takes security and storage efforts with great care to protect the confidentiality of User's
Personal Data from time to time. Any content uploaded and sent by Users to the Privy Service
will be stored securely and sent confidentially using industry standards for securing electronic
information. Privy sets high standards for information security, please note that Privy is ISO
27001:2013 certified regarding Information Security Management systems.
The User is responsible for maintaining the confidentiality of the User's Privy Account details,
including the User's password and One Time Password (OTP) that Privy may send to the User
from time to time to anyone, and must always maintain and be responsible for the security of
the device that the User uses to access Privy Service.
5. DATA STORAGE
Privy retains the User's Personal Data for the period required for the purposes of processing
the Personal Data. In addition, the storage of the User's Personal Data is carried out in
accordance with the provisions of the prevailing law and regulation.
6. USER RIGHTS
The User has the right to access the User's Personal Data stored on the User's Privy
The user has the right to change the User’s Personal Data stored on Privy. Changes,
additions, or updates of information and Personal Data in the form of Basic Data can only
be made by giving notification to Privy through Privy's contact. Meanwhile, for categories
other than Basic Data, this can be done through the Privy Application. Privy reserves the
right to request supporting documents and/or verify changes, additions, or updates to
such information and Personal Data in accordance with Privy's procedures.
Based on the User’s request, Privy will delete the User's Personal Data from the Privy
system. Before the deletion of Personal Data can be processed, the User must fulfill the
verification requirements carried out by Privy. Privy has the right to ask for reasons for
deleting Personal Data from Users. The request for deletion of Basic Data can only made
by giving notification to Privy through Privy's contact. Meanwhile, for categories other
than Basic Data, this can be done through the Privy Application. The impact of deleting
Basic Data is the closure of the Privy Account.
can be submitted through a notification from the User to Privy as described below.
7. LIMITATION OF LIABILITY
User will release, hold harmless, give compensation, and defend Privy, including any officers,
directors, employees, or agents of Privy from and against any and all requests, claims, losses,
responsibility, liabilities, costs, damages, and expenses (including but not limited to legal fees
and compensation expenses) resulting directly or indirectly from:
- any loss due to Personal Data that is intercepted, bugged, accessed, stolen, disclosed,
changed, or destroyed by an unauthorized third party, due to factors beyond Privy's
including those resulting from User error or negligence; or
- collection, use, maintenance, sharing, or disclosure of data and information carried out
on sites or applications owned, managed, and/or operated by Third Parties.
8. APPLICABLE LAW AND DISPUTE RESOLUTION
- Users and Privy agree that all disputes or conflict arise from or related to matters
be resolved in the following manner:
- One of the parties, either User or Privy ("First Party") is required to provide written
notification to the other party ("Second Party") regarding the occurrence of a Dispute
("Dispute Notification"). Disputes must be resolved by deliberation to reach consensus
within thirty (30) calendar days from the date of the Dispute Notification (“Deliberative
- If the dispute cannot be resolved by deliberation and consensus until the end of the
Deliberative Settlement Period, the First Party and the Second Party agree that the
Dispute will be referred to and resolved by the Indonesian National Arbitration Board
(“BANI”) according to the rules of arbitration procedure at BANI which is located at
Wahana Graha Floor 1 and 2, Jl. Mampang Prapatan No. 2 Jakarta 12760, with the
- The language used in the arbitration is Bahasa Indonesian;
- The place of arbitration is in Jakarta, Indonesia;
- The First Party and the Second Party will jointly appoint one (1) arbitrator who will
be the sole arbitrator to settle the dispute;
- Arbitration costs and legal fees must be borne by the losing party; and
- The arbitration award is final and binding on the First Party and the Second Party.
- One of the parties, either User or Privy ("First Party") is required to provide written
between one language and another, the Bahasa Indonesian text will prevail.
10. CONTACT AND NOTIFICATIONS
Notice from Privy
Any notification from Privy addressed to User will be announced through the Site and sent
via electronic mail (email), short message service (SMS), or push notifications through the
Privy Application installed on the User's device registered with Privy.
Notice from User
Any notification from a User addressed to Privy becomes effective when the notification
is received by Privy via the electronic mail address (e-mail address) email@example.com
and/or through a physical document sent to PT Privy Identity Digital with the address Jl.
Kemang Raya No. 34L, 2nd Floor, Bangka Village, Mampang Prapatan District, South
Jakarta 12730, Indonesia.